8 files changed, 288 insertions, 8 deletions

diff --git a/test/formatter_test.exs b/test/formatter_test.exs
index bb318b7d5..584700b6a 100644
--- a/test/formatter_test.exs
+++ b/test/formatter_test.exs
@@ -22,6 +22,18 @@ defmodule Pleroma.FormatterTest do
       assert expected_text ==
                Formatter.add_hashtag_links({[], text}, tags) |> Formatter.finalize()
     end
+
+    test "does not turn html characters to tags" do
+      text = "Fact #3: pleroma does what mastodon't"
+
+      expected_text =
+        "Fact <a data-tag='3' href='http://localhost:4001/tag/3' rel='tag'>#3</a>: pleroma does what mastodon't"
+
+      tags = Formatter.parse_tags(text)
+
+      assert expected_text ==
+               Formatter.add_hashtag_links({[], text}, tags) |> Formatter.finalize()
+    end
   end
 
   describe ".add_links" do
@@ -203,8 +215,11 @@ defmodule Pleroma.FormatterTest do
   end
 
   test "it can parse mentions and return the relevant users" do
-    text = "@gsimg According to @archaeme, that is @daggsy. Also hello @archaeme@archae.me"
+    text =
+      "@@gsimg According to @archaeme, that is @daggsy. Also hello @archaeme@archae.me and @o and @@@jimm"
 
+    o = insert(:user, %{nickname: "o"})
+    jimm = insert(:user, %{nickname: "jimm"})
     gsimg = insert(:user, %{nickname: "gsimg"})
     archaeme = insert(:user, %{nickname: "archaeme"})
     archaeme_remote = insert(:user, %{nickname: "archaeme@archae.me"})
@@ -212,7 +227,9 @@ defmodule Pleroma.FormatterTest do
     expected_result = [
       {"@gsimg", gsimg},
       {"@archaeme", archaeme},
-      {"@archaeme@archae.me", archaeme_remote}
+      {"@archaeme@archae.me", archaeme_remote},
+      {"@o", o},
+      {"@jimm", jimm}
     ]
 
     assert Formatter.parse_mentions(text) == expected_result
diff --git a/test/plugs/admin_secret_authentication_plug_test.exs b/test/plugs/admin_secret_authentication_plug_test.exs
new file mode 100644
index 000000000..c0fe2cf97
--- /dev/null
+++ b/test/plugs/admin_secret_authentication_plug_test.exs
@@ -0,0 +1,38 @@
+defmodule Pleroma.Plugs.AdminSecretAuthenticationPlugTest do
+  use Pleroma.Web.ConnCase, async: true
+  import Pleroma.Factory
+
+  alias Pleroma.Plugs.AdminSecretAuthenticationPlug
+
+  test "does nothing if a user is assigned", %{conn: conn} do
+    user = insert(:user)
+
+    conn =
+      conn
+      |> assign(:user, user)
+
+    ret_conn =
+      conn
+      |> AdminSecretAuthenticationPlug.call(%{})
+
+    assert conn == ret_conn
+  end
+
+  test "with secret set and given in the 'admin_token' parameter, it assigns an admin user", %{
+    conn: conn
+  } do
+    Pleroma.Config.put(:admin_token, "password123")
+
+    conn =
+      %{conn | params: %{"admin_token" => "wrong_password"}}
+      |> AdminSecretAuthenticationPlug.call(%{})
+
+    refute conn.assigns[:user]
+
+    conn =
+      %{conn | params: %{"admin_token" => "password123"}}
+      |> AdminSecretAuthenticationPlug.call(%{})
+
+    assert conn.assigns[:user].info.is_admin
+  end
+end
diff --git a/test/user_test.exs b/test/user_test.exs
index 1e73770df..b4d8174c6 100644
--- a/test/user_test.exs
+++ b/test/user_test.exs
@@ -177,6 +177,48 @@ defmodule Pleroma.UserTest do
     end
   end
 
+  describe "user registration, with :account_activation_required" do
+    @full_user_data %{
+      bio: "A guy",
+      name: "my name",
+      nickname: "nick",
+      password: "test",
+      password_confirmation: "test",
+      email: "email@example.com"
+    }
+
+    setup do
+      setting = Pleroma.Config.get([:instance, :account_activation_required])
+
+      unless setting do
+        Pleroma.Config.put([:instance, :account_activation_required], true)
+        on_exit(fn -> Pleroma.Config.put([:instance, :account_activation_required], setting) end)
+      end
+
+      :ok
+    end
+
+    test "it creates unconfirmed user" do
+      changeset = User.register_changeset(%User{}, @full_user_data)
+      assert changeset.valid?
+
+      {:ok, user} = Repo.insert(changeset)
+
+      assert user.info.confirmation_pending
+      assert user.info.confirmation_token
+    end
+
+    test "it creates confirmed user if :confirmed option is given" do
+      changeset = User.register_changeset(%User{}, @full_user_data, confirmed: true)
+      assert changeset.valid?
+
+      {:ok, user} = Repo.insert(changeset)
+
+      refute user.info.confirmation_pending
+      refute user.info.confirmation_token
+    end
+  end
+
   describe "get_or_fetch/1" do
     test "gets an existing user by nickname" do
       user = insert(:user)
diff --git a/test/web/mastodon_api/account_view_test.exs b/test/web/mastodon_api/account_view_test.exs
index 3cb9b9c5b..fec97c700 100644
--- a/test/web/mastodon_api/account_view_test.exs
+++ b/test/web/mastodon_api/account_view_test.exs
@@ -55,7 +55,10 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
         privacy: "public",
         sensitive: false
       },
-      pleroma: %{tags: []}
+      pleroma: %{
+        confirmation_pending: false,
+        tags: []
+      }
     }
 
     assert expected == AccountView.render("account.json", %{user: user})
@@ -93,7 +96,10 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
         privacy: "public",
         sensitive: false
       },
-      pleroma: %{tags: []}
+      pleroma: %{
+        confirmation_pending: false,
+        tags: []
+      }
     }
 
     assert expected == AccountView.render("account.json", %{user: user})
diff --git a/test/web/oauth/oauth_controller_test.exs b/test/web/oauth/oauth_controller_test.exs
index 3a902f128..52441407d 100644
--- a/test/web/oauth/oauth_controller_test.exs
+++ b/test/web/oauth/oauth_controller_test.exs
@@ -50,6 +50,26 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
     assert Repo.get_by(Token, token: token)
   end
 
+  test "issues a token for `password` grant_type with valid credentials" do
+    password = "testpassword"
+    user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
+
+    app = insert(:oauth_app)
+
+    conn =
+      build_conn()
+      |> post("/oauth/token", %{
+        "grant_type" => "password",
+        "username" => user.nickname,
+        "password" => password,
+        "client_id" => app.client_id,
+        "client_secret" => app.client_secret
+      })
+
+    assert %{"access_token" => token} = json_response(conn, 200)
+    assert Repo.get_by(Token, token: token)
+  end
+
   test "issues a token for request with HTTP basic auth client credentials" do
     user = insert(:user)
     app = insert(:oauth_app)
@@ -93,6 +113,43 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
     refute Map.has_key?(resp, "access_token")
   end
 
+  test "rejects token exchange for valid credentials belonging to unconfirmed user and confirmation is required" do
+    setting = Pleroma.Config.get([:instance, :account_activation_required])
+
+    unless setting do
+      Pleroma.Config.put([:instance, :account_activation_required], true)
+      on_exit(fn -> Pleroma.Config.put([:instance, :account_activation_required], setting) end)
+    end
+
+    password = "testpassword"
+    user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
+    info_change = Pleroma.User.Info.confirmation_changeset(user.info, :unconfirmed)
+
+    {:ok, user} =
+      user
+      |> Ecto.Changeset.change()
+      |> Ecto.Changeset.put_embed(:info, info_change)
+      |> Repo.update()
+
+    refute Pleroma.User.auth_active?(user)
+
+    app = insert(:oauth_app)
+
+    conn =
+      build_conn()
+      |> post("/oauth/token", %{
+        "grant_type" => "password",
+        "username" => user.nickname,
+        "password" => password,
+        "client_id" => app.client_id,
+        "client_secret" => app.client_secret
+      })
+
+    assert resp = json_response(conn, 403)
+    assert %{"error" => _} = resp
+    refute Map.has_key?(resp, "access_token")
+  end
+
   test "rejects an invalid authorization code" do
     app = insert(:oauth_app)
 
diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs
index c16c0cdc0..1324bcc71 100644
--- a/test/web/twitter_api/twitter_api_controller_test.exs
+++ b/test/web/twitter_api/twitter_api_controller_test.exs
@@ -873,6 +873,89 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
     end
   end
 
+  describe "GET /api/account/confirm_email/:id/:token" do
+    setup do
+      user = insert(:user)
+      info_change = User.Info.confirmation_changeset(user.info, :unconfirmed)
+
+      {:ok, user} =
+        user
+        |> Changeset.change()
+        |> Changeset.put_embed(:info, info_change)
+        |> Repo.update()
+
+      assert user.info.confirmation_pending
+
+      [user: user]
+    end
+
+    test "it redirects to root url", %{conn: conn, user: user} do
+      conn = get(conn, "/api/account/confirm_email/#{user.id}/#{user.info.confirmation_token}")
+
+      assert 302 == conn.status
+    end
+
+    test "it confirms the user account", %{conn: conn, user: user} do
+      get(conn, "/api/account/confirm_email/#{user.id}/#{user.info.confirmation_token}")
+
+      user = Repo.get(User, user.id)
+
+      refute user.info.confirmation_pending
+      refute user.info.confirmation_token
+    end
+
+    test "it returns 500 if user cannot be found by id", %{conn: conn, user: user} do
+      conn = get(conn, "/api/account/confirm_email/0/#{user.info.confirmation_token}")
+
+      assert 500 == conn.status
+    end
+
+    test "it returns 500 if token is invalid", %{conn: conn, user: user} do
+      conn = get(conn, "/api/account/confirm_email/#{user.id}/wrong_token")
+
+      assert 500 == conn.status
+    end
+  end
+
+  describe "POST /api/account/resend_confirmation_email" do
+    setup do
+      setting = Pleroma.Config.get([:instance, :account_activation_required])
+
+      unless setting do
+        Pleroma.Config.put([:instance, :account_activation_required], true)
+        on_exit(fn -> Pleroma.Config.put([:instance, :account_activation_required], setting) end)
+      end
+
+      user = insert(:user)
+      info_change = User.Info.confirmation_changeset(user.info, :unconfirmed)
+
+      {:ok, user} =
+        user
+        |> Changeset.change()
+        |> Changeset.put_embed(:info, info_change)
+        |> Repo.update()
+
+      assert user.info.confirmation_pending
+
+      [user: user]
+    end
+
+    test "it returns 204 No Content", %{conn: conn, user: user} do
+      conn
+      |> assign(:user, user)
+      |> post("/api/account/resend_confirmation_email?email=#{user.email}")
+      |> json_response(:no_content)
+    end
+
+    test "it sends confirmation email", %{conn: conn, user: user} do
+      conn
+      |> assign(:user, user)
+      |> post("/api/account/resend_confirmation_email?email=#{user.email}")
+
+      Swoosh.TestAssertions.assert_email_sent(Pleroma.UserEmail.account_confirmation_email(user))
+    end
+  end
+
   describe "GET /api/externalprofile/show" do
     test "it returns the user", %{conn: conn} do
       user = insert(:user)
diff --git a/test/web/twitter_api/twitter_api_test.exs b/test/web/twitter_api/twitter_api_test.exs
index 3d3a637b7..b7c89b605 100644
--- a/test/web/twitter_api/twitter_api_test.exs
+++ b/test/web/twitter_api/twitter_api_test.exs
@@ -275,6 +275,31 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
              UserView.render("show.json", %{user: fetched_user})
   end
 
+  @moduletag skip: "needs 'account_activation_required: true' in config"
+  test "it sends confirmation email if :account_activation_required is specified in instance config" do
+    setting = Pleroma.Config.get([:instance, :account_activation_required])
+
+    unless setting do
+      Pleroma.Config.put([:instance, :account_activation_required], true)
+      on_exit(fn -> Pleroma.Config.put([:instance, :account_activation_required], setting) end)
+    end
+
+    data = %{
+      "nickname" => "lain",
+      "email" => "lain@wired.jp",
+      "fullname" => "lain iwakura",
+      "bio" => "",
+      "password" => "bear",
+      "confirm" => "bear"
+    }
+
+    {:ok, user} = TwitterAPI.register_user(data)
+
+    assert user.info.confirmation_pending
+
+    Swoosh.TestAssertions.assert_email_sent(Pleroma.UserEmail.account_confirmation_email(user))
+  end
+
   test "it registers a new user and parses mentions in the bio" do
     data1 = %{
       "nickname" => "john",
diff --git a/test/web/twitter_api/views/user_view_test.exs b/test/web/twitter_api/views/user_view_test.exs
index 34e6d4e27..0adc69ff9 100644
--- a/test/web/twitter_api/views/user_view_test.exs
+++ b/test/web/twitter_api/views/user_view_test.exs
@@ -96,7 +96,10 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "default_scope" => "public",
       "no_rich_text" => false,
       "fields" => [],
-      "pleroma" => %{"tags" => []}
+      "pleroma" => %{
+        "confirmation_pending" => false,
+        "tags" => []
+      }
     }
 
     assert represented == UserView.render("show.json", %{user: user})
@@ -138,7 +141,10 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "default_scope" => "public",
       "no_rich_text" => false,
       "fields" => [],
-      "pleroma" => %{"tags" => []}
+      "pleroma" => %{
+        "confirmation_pending" => false,
+        "tags" => []
+      }
     }
 
     assert represented == UserView.render("show.json", %{user: user, for: follower})
@@ -181,7 +187,10 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "default_scope" => "public",
       "no_rich_text" => false,
       "fields" => [],
-      "pleroma" => %{"tags" => []}
+      "pleroma" => %{
+        "confirmation_pending" => false,
+        "tags" => []
+      }
     }
 
     assert represented == UserView.render("show.json", %{user: follower, for: user})
@@ -231,7 +240,10 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do
       "default_scope" => "public",
       "no_rich_text" => false,
       "fields" => [],
-      "pleroma" => %{"tags" => []}
+      "pleroma" => %{
+        "confirmation_pending" => false,
+        "tags" => []
+      }
     }
 
     blocker = Repo.get(User, blocker.id)